EU AI Code of Practice: what changes for synthetic content producers from 2 August 2026

The implementation framework for Article 50 of Regulation (EU) 2024/1689 took operational shape in May 2026. On 8 May the European Commission published the draft Guidelines on the implementation of the transparency obligations of the AI Act, in parallel with the second draft of the Code of Practice on marking and labelling of AI-generated content released on 5 March. For companies producing synthetic content in marketing, generative customer service, voice synthesis, promotional video and internal training, the picture is no longer hypothetical: on 2 August 2026 the rules become applicable.

The operational problem is twofold. On one hand, enterprises must define a label that is legally adequate for the content, the channel and the exposed audience. On the other, they must keep verifiable evidence of what was produced as synthetic content, when, by whom, and with which model, because whoever challenges the label or the content in court will ask exactly that. The answer to both needs sits on an architectural choice: treat transparency as a user-visible layer and provenance as a separate evidentiary layer, integrated at the very origin of the content.

What the Commission's draft Guidelines of 8 May 2026 say

The draft published by the European Commission on 8 May 2026 is a roughly 40-page document, open for public consultation until 3 June and intended to apply from 2 August 2026 alongside Article 50. The text provides practical guidance to competent authorities, providers and deployers of AI systems, covering the full perimeter of Article 50, including parts not addressed by the Code of Practice such as self-identification obligations for interactive AI systems and notices for emotion recognition and biometric categorisation systems.

The most relevant element for content producers is the qualification of the information duty. The transparency information must be clear, distinguishable, and repeated over time for each subject exposed to the content. "Clear" means perceivable and easy to understand without effort; "distinguishable" means visually separated from the rest of the content, not buried in terms of service or nested menus; "repeated" means that anyone joining halfway through a broadcast, a video or a chat session must still receive the notification, because the obligation activates per exposed subject, not just on the first viewer. For video marketing this translates into persistent labels, not just opening ones.

The document also clarifies the distinction between providers and deployers. The provider designs the system and marks the synthetic content upstream in machine-readable format. The deployer applies the visible label downstream and informs the exposed person. Platforms that merely distribute third-party content are not classified as deployers under the AI Act, but remain within the editorial responsibility perimeter of other regulations.

The Code of Practice on marking of 5 March 2026 and the EU icon

The second draft of the Code of Practice on marking and labelling of AI-generated content was published on 5 March 2026, building on contributions gathered after the first draft of January and on the work of hundreds of participants from industry, academia, civil society and Member States. The final version is expected in early June 2026, with applicability from 2 August.

The most operational change is structural. Section 1 for providers introduces a two-layered marking approach based on secured metadata and watermarking, with fingerprinting as an option. Section 2 for deployers drops the "AI-generated versus AI-assisted" taxonomy of the first draft and adopts a more flexible approach focused on design standards for labels and icons. The logic is to reduce compliance burden without weakening the recognisability of synthetic content.

The annex now includes illustrative examples of a possible common EU icon, to be defined in a dedicated task force and made available to Code signatories. The aim is to offer a single visual language recognisable to European users, on the model of food quality marks. For enterprises this means that, if the Code is adopted, the visible label can rely on a standard graphic element instead of a proprietary choice on a case-by-case basis.

The point to grasp is the voluntary nature of the Code. Non-signatories do not violate the law, but they must demonstrate to competent authorities how they meet the same obligations through their own means. The drafts explicitly signal that signatories receive "increased trust" from enforcement, while non-signatories face more stringent scrutiny with gap analyses on a case-by-case basis.

Which corporate content falls under transparency obligations

Article 50 applies to anyone producing or distributing content generated or manipulated by AI systems. For a European enterprise, this means revisiting four families of content produced on a recurring basis.

The first family is audiovisual marketing. Advertising campaigns using synthetic voices of real spokespeople, AI avatars, photorealistic images generated by generative AI systems, or videos in which a real face has been modified, all fall within the draft's definition of deepfake. According to the Guidelines, this definition is independent of the deployer's intent to deceive. What counts is the outcome: if the content would falsely appear authentic to a diverse audience, including those with lower digital literacy, the labelling obligation triggers. The draft further clarifies that the artistic work exception applies in attenuated form and does not cover content with a primarily informative or commercial purpose, thus excluding AI-generated celebrity deepfakes in advertising.

The second family is generative customer service. Support chatbots, virtual assistants on websites or apps, synthetic voices of AI-based IVR responders: all fall within the self-identification obligation of Article 50(1), which requires the system to make obvious to the user that they are interacting with a machine. The draft grants the obviousness exception only where the artificial nature is already evident, citing professional developer tools and non-player characters in video games as examples. For corporate assistants and embedded helpdesk chatbots, the exception does not apply.

The third family is voice synthesis and internal training videos. When a company produces training videos with generated avatars, synthetic voices of fictitious trainers, or reconstructions of operational scenarios with non-real characters, the content is synthetic and must be labelled. Even in internal settings, because transparency protects the individual exposed subject, not the contractual relationship between employer and employee.

The fourth family is communication on matters of public interest. When an enterprise publishes AI-generated texts on matters of public relevance (policy positions, ESG communications, public affairs content), Article 50(4) requires explicit labelling, subject only to the narrow exceptions provided.

Upstream marking and downstream labelling: two layers to keep separate

The logic of the Code of Practice draft of 5 March is clear on a point often confused in corporate conversations. The technical marking of content, machine-readable, is one thing. The user-visible label is another. The two live on different layers and respond to different needs.

Upstream marking serves to make content detectable as synthetic by verification systems, search engines, distribution platforms and in case of litigation. The Code promotes a two-layered approach: signed metadata embedded in the file and perceptible or imperceptible watermarking applied to the content, with fingerprinting as a complementary option. Open and interoperable standards are the direction signalled by the Commission to reduce adoption costs, because a single proprietary format per platform would make the system fragile.

The downstream label serves the individual user. It must be clear, distinguishable, repeated. If the deployer is a communications agency, it must be able to apply the label on all exposure points, including social channels, newsletters, embeds in third-party pages. Compliance does not stop at a footer note on the first viewing.

Keeping the two layers separate has an important practical consequence for compliance. Technical marking is a capability of the generation system; the visible label is a capability of the distribution channel. Enterprises producing synthetic content must ensure both layers are governed coherently along the entire chain, from model to final channel. Without this coherence, in case of a challenge, the company finds itself exposed on two fronts simultaneously: formal non-compliance with the visible label and inability to demonstrate which model, when, and with what parameters generated the content.

The evidentiary side: why certification at the origin matters

There is a dimension that Article 50 does not directly regulate but that becomes decisive when one moves from formal compliance to defence in court or in audit. It is the evidentiary side. If a synthetic content is challenged (for transparency violation, for defamation through deepfake, for unauthorised use of an image, for contractual disputes over advertising material), the company must be able to demonstrate in a manner enforceable against third parties three things: that the content was produced with a certain system, at a defined moment, by an identified subject.

The AI Act requires "machine-readable" marking of content but does not impose a chain of evidence signed by a qualified third party. Technical marking can be altered, removed, replaced along the content lifecycle. Metadata can be rebuilt. Watermarks can be attenuated or eroded by file recompression. For baseline compliance this can suffice. For the evidentiary side, before a market authority, in a courtroom, in an internal or insurance audit, it does not.

The most solid way to manage this risk is to certify the synthetic content at the origin, at the exact moment it is generated or manipulated. Certification binds the file to an electronic seal of a qualified trust service provider (QTSP) and to a qualified timestamp issued under the eIDAS regulation. From that moment, the content carries with itself proof enforceable against third parties of its state at a determined instant: whoever tries to modify it after certification breaks the signature, and the breakage is algorithmically demonstrable.

Regulation (EU) 910/2014 eIDAS establishes the European legal regime for qualified trust services. A qualified timestamp enjoys a presumption of accuracy of the date and time it indicates and of integrity of the data with which the date and time are associated. A qualified electronic seal enjoys the presumption of integrity of the data and correctness of origin. Combined on a synthetic content, qualified timestamp and qualified seal produce evidence that has legal recognition in all Member States of the Union, without the need for bilateral agreements between jurisdictions.

What is a Data Authenticity Platform and how it integrates with AI Act obligations

TrueScreen is a data authenticity platform that acquires and certifies digital content with legal value, integrating the electronic seal of qualified third-party trust service providers and the qualified timestamp via API. The certified content carries with itself proof enforceable against third parties of its state at the exact moment of certification, regardless of subsequent manipulations.

On the AI Act front, the value of a data authenticity platform is complementary to that of marking and labelling. While marking and labelling answer Article 50 on the transparency plane, certification at the origin answers the evidentiary question that inevitably follows: "Can you prove what you produced, when, with which system, and that it was not altered afterwards?". Without this answer, formal compliance remains exposed to challenge.

What TrueScreen does in practice for a synthetic content

When a company produces a promotional video with a synthetic voice of its chief executive, TrueScreen acquires the finalised file and applies certification at the origin. The certified file carries with itself the unique reference to the declared generation system, the identification of the producing subject, the qualified timestamp and the electronic seal applied by the integrated QTSP via API. The certification log is tamper-evident.

If the same company produces an internal training video with generated avatar and synthetic narration, the same flow ensures that the producer is identified and that the date and time of generation are fixed in an enforceable manner. If in the future someone claims the video was modified after publication, signature verification on the file demonstrates deterministically whether integrity remained intact or was breached.

How TrueScreen relates to marking and labelling

TrueScreen does not replace the technical marking of an AI provider, does not replace the visible label applied by the deployer. It adds an evidentiary layer above both. Marking tells us the content is synthetic. The label communicates this to the exposed user. Certification binds that specific content to an identified subject, to a precise moment and to a seal of a qualified third party. The three layers together form a coherent chain: technical transparency, visible transparency, evidentiary enforceability.

For compliance and legal functions, this stratification also simplifies audit management. The question "how do you prove you labelled correctly?" turns into three independent answers, each verifiable in isolation: the file marking, the certified screenshot of publication with the label, the tamper-evident log of the content certification. A compliance officer or DPO reconstructing a case months later finds each piece independently verifiable.

Operational compliance programme: what to do by 2 August 2026

Enterprises producing synthetic content have a three-month window between June (final versions of Guidelines and Code) and August (entry into force of obligations) to bring their setup into shape. A realistic operational programme rests on five blocks.

Inventory of synthetic content produced. Map by business area (marketing, communication, customer service, HR, training, public affairs) what gets generated with AI systems or their components, with what frequency, on which channels. Without an inventory, risk assessment is impossible.

Classification by applicable regime. For each content family, identify which paragraph of Article 50 applies and which exception is potentially available. Exceptions must be documented case by case: the authority does not accept generic claims of "obvious nature".

Technical marking design. Verify that the AI systems used support the two-layered marking foreseen by the Code (secured metadata and watermarking). If providers do not support it natively, plan the adjustment roadmap with them.

Visible label design. Build a corporate library of consistent labels per channel (video, audio, text, image, chat) that satisfies the criteria of clarity, distinguishability and repetition. Coordinate with distribution partners on label persistence across their channels.

Evidentiary layer. Define which content, depending on risk (public visibility, legal exposure, reputational criticality), requires certification at the origin as an enforceable layer. For high-risk content, integrating a data authenticity platform such as TrueScreen adds the evidentiary side that the Guidelines do not impose but that case law will require in future disputes.